SEC-10: Input Sanitization
Summary
SEC-10 focuses on untrusted data entering a Make.com scenario or n8n workflow from forms, webhooks, APIs, or connected systems. FlowBeacon uses this policy to highlight places where input may not be checked carefully enough before it is transformed, stored, or forwarded.
Severity: Medium · Category: Security · Platforms: Make.com, n8n
What FlowBeacon Reviews
- Whether untrusted input appears to be validated before it is used in requests, queries, URLs, or other important automation actions.
- Whether risky or malformed content could move deeper into the automation unchecked.
- Whether basic sanitization, normalization, or rejection logic seems present where it is needed.
Why This Matters
- Unchecked input can create security problems, bad data, or unstable downstream behavior.
- Early validation reduces the chance that harmful or malformed content spreads.
- Good input hygiene improves both reliability and security.
If This Policy Is Flagged
- Review which entry points accept untrusted or externally supplied data.
- Add validation, normalization, or rejection logic for unsafe inputs.
- Prevent suspicious content from reaching sensitive downstream actions.
- Re-run the evaluation after input handling is stronger and more predictable.
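The steps above (validate, normalize, reject, keep bad input away from downstream actions) as an added JavaScript example; it is not FlowBeacon's own code. The payload fields (`email`, `orderId`, `website`), the length limits and the function names are assumptions, and the `{ json: ... }` item shape mirrors how n8n passes data between nodes.

```javascript
// Added example; field names, limits and helper names are assumptions.
const ALLOWED_KEYS = new Set(["email", "orderId", "website"]);
const CONTROL_CHARS = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g;

// Normalize: Unicode NFKC, drop control characters, trim, enforce length.
function clean(value, maxLen) {
  if (typeof value !== "string") return null;
  const s = value.normalize("NFKC").replace(CONTROL_CHARS, "").trim();
  return s.length > 0 && s.length <= maxLen ? s : null;
}

// Validate one untrusted payload: { ok: true, value } or { ok: false, errors }.
function validatePayload(raw) {
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
    return { ok: false, errors: ["payload must be a JSON object"] };
  }
  // Reject fields the workflow does not expect instead of passing them on.
  const errors = Object.keys(raw).filter((k) => !ALLOWED_KEYS.has(k))
    .map((k) => `unexpected field: ${k}`);
  const email = clean(raw.email, 254);
  if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) errors.push("email invalid");
  const orderId = clean(raw.orderId, 32);
  if (!orderId || !/^[A-Za-z0-9-]+$/.test(orderId)) errors.push("orderId invalid");
  let website = null;
  if (raw.website !== undefined) {
    try {
      const u = new URL(clean(raw.website, 2048) ?? "");
      if (u.protocol !== "https:" || u.username || u.password) throw new Error("rejected");
      website = u.href;
    } catch { errors.push("website must be an https URL without credentials"); }
  }
  if (errors.length) return { ok: false, errors };
  return { ok: true, value: { email: email.toLowerCase(), orderId: orderId.toUpperCase(), website } };
}

// Route items shaped like { json: {...} } to an accepted or rejected branch.
function partition(items) {
  const accepted = [], rejected = [];
  for (const { json } of items) {
    const r = validatePayload(json);
    if (r.ok) accepted.push({ json: r.value });
    else rejected.push({ json: { errors: r.errors } });
  }
  return { accepted, rejected };
}
// Constructed sample input, not taken from any real workflow.
const SAMPLE_ITEMS = [
  { json: { email: " Ana@Example.com ", orderId: "ab-1029", website: "https://example.com/p" } },
  { json: { email: "x@example.com", orderId: "1 OR 1=1", website: "http://user:pw@example.com/" } },
];
console.log(JSON.stringify(partition(SAMPLE_ITEMS), null, 2));
```

Only the normalized values in the accepted branch should be wired to requests, queries or storage; the rejected branch carries the reasons for logging or alerting.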
Why Users Care
- Users reduce the chance that one bad payload causes wider business impact.
- Teams gain a clearer boundary between accepted and rejected automation input.
- Delivery partners can build automations that are safer to expose to external systems.